[openSUSE-SU-2017:3434-1] Security update for Mozilla Thunderbird

Severity Important

Affected Packages 5

CVEs 4

Security update for Mozilla Thunderbird

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities:

CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin (bsc#1074043)
CVE-2017-7847: Local path string can be leaked from RSS feed (bsc#1074044)
CVE-2017-7848: RSS Feed vulnerable to new line Injection (bsc#1074045)
CVE-2017-7829: From address with encoded null character is cut off in message header display (bsc#1074046)

Package	Affected Version
pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.5.2-51.1
pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.5.2-51.1
pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.5.2-51.1
pkg:rpm/opensuse/MozillaThunderbird-devel?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.5.2-51.1
pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	< 52.5.2-51.1

ID

openSUSE-SU-2017:3434-1

Severity

important

URL

Published

2017-12-24T22:29:25
(6 years ago)

Modified

2017-12-24T22:29:25
(6 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_3434-1.json
Suse	URL for openSUSE-SU-2017:3434-1	https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AP5ZAGU2HEQMTGXGL2VCNWZVK7AJTIMO/#AP5ZAGU2HEQMTGXGL2VCNWZVK7AJTIMO
Suse	E-Mail link for openSUSE-SU-2017:3434-1	https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AP5ZAGU2HEQMTGXGL2VCNWZVK7AJTIMO/#AP5ZAGU2HEQMTGXGL2VCNWZVK7AJTIMO
Bugzilla	SUSE Bug 1074043	https://bugzilla.suse.com/1074043
Bugzilla	SUSE Bug 1074044	https://bugzilla.suse.com/1074044
Bugzilla	SUSE Bug 1074045	https://bugzilla.suse.com/1074045
Bugzilla	SUSE Bug 1074046	https://bugzilla.suse.com/1074046
CVE	SUSE CVE CVE-2017-7829 page	https://www.suse.com/security/cve/CVE-2017-7829/
CVE	SUSE CVE CVE-2017-7846 page	https://www.suse.com/security/cve/CVE-2017-7846/
CVE	SUSE CVE CVE-2017-7847 page	https://www.suse.com/security/cve/CVE-2017-7847/
CVE	SUSE CVE CVE-2017-7848 page	https://www.suse.com/security/cve/CVE-2017-7848/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/opensuse/MozillaThunderbird?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird	< 52.5.2-51.1	opensuse-12	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-translations-other?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird-translations-other	< 52.5.2-51.1	opensuse-12	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-translations-common?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird-translations-common	< 52.5.2-51.1	opensuse-12	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-devel?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird-devel	< 52.5.2-51.1	opensuse-12	x86_64
Affected	pkg:rpm/opensuse/MozillaThunderbird-buildsymbols?arch=x86_64&distro=opensuse-12&repo=suse-package-hub	opensuse	MozillaThunderbird-buildsymbols	< 52.5.2-51.1	opensuse-12	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date